Message-ID: <6de587ad97ca3f053cd6dae3df9a4af945d8c17d.camel@linux.ibm.com>
Date: Tue, 14 Jan 2025 09:32:25 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...weicloud.com>, viro@...iv.linux.org.uk,
        brauner@...nel.org, jack@...e.cz, dmitry.kasatkin@...il.com,
        eric.snowberg@...cle.com, paul@...l-moore.com, jmorris@...ei.org,
        serge@...lyn.com
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org,
        Roberto Sassu <roberto.sassu@...wei.com>
Subject: Re: [PATCH v2 4/7] ima: Mark concurrent accesses to the iint
 pointer in the inode security blob

On Thu, 2024-11-28 at 11:06 +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@...wei.com>
> 
> Use the READ_ONCE() and WRITE_ONCE() macros to mark concurrent read and
> write accesses to the portion of the inode security blob containing the
> iint pointer.
> 
> Writers are serialized by the iint lock.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>

Thanks, Roberto.

Reviewed-by:  Mimi Zohar <zohar@...ux.ibm.com>

> ---
>  security/integrity/ima/ima_iint.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c
> index fca9db293c79..c763f431fbc1 100644
> --- a/security/integrity/ima/ima_iint.c
> +++ b/security/integrity/ima/ima_iint.c
> @@ -32,7 +32,7 @@ struct ima_iint_cache *ima_iint_find(struct inode *inode)
>  	if (!iint_lock)
>  		return NULL;
>  
> -	return iint_lock->iint;
> +	return READ_ONCE(iint_lock->iint);
>  }
>  
>  #define IMA_MAX_NESTING (FILESYSTEM_MAX_STACK_DEPTH + 1)
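
Review bot: the READ_ONCE() added to the return statement of ima_iint_find() carries no comment saying which store it pairs with or whether this path is expected to run without the iint mutex. The visible lines of this function show no lockdep_assert_held(), unlike ima_inode_get(), so a one-line comment above the return naming the WRITE_ONCE() in ima_inode_get() as the paired writer would make the intended concurrency rule clear to later readers.
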
> @@ -99,7 +99,7 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode)
>  
>  	lockdep_assert_held(&iint_lock->mutex);
>  
> -	iint = iint_lock->iint;
> +	iint = READ_ONCE(iint_lock->iint);
>  	if (iint)
>  		return iint;
>  
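
Review bot: the READ_ONCE() on "iint = iint_lock->iint" in ima_inode_get() sits directly after lockdep_assert_held(&iint_lock->mutex), and the commit message states that writers are serialized by the iint lock, so this load cannot race with a store. A plain read is sufficient here; if the marking is kept for symmetry with ima_iint_find(), say so in the commit message, otherwise the annotation suggests a lockless race that does not exist at this point.
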
> @@ -109,7 +109,7 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode)
>  
>  	ima_iint_init_always(iint, inode);
>  
> -	iint_lock->iint = iint;
> +	WRITE_ONCE(iint_lock->iint, iint);
>  
>  	return iint;
>  }
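
Review bot: the WRITE_ONCE() that publishes iint comes right after ima_iint_init_always(iint, inode), and WRITE_ONCE() only prevents store tearing and compiler transformations; it gives no release ordering. If ima_iint_find() can run without the mutex, a reader may observe the new pointer before the initialised fields are visible. Consider smp_store_release(&iint_lock->iint, iint) here, paired with the marked load on the reader side, or state in the commit message why every reader is ordered by the mutex.
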

